A bug bounty hunter has recently earned $55,000 for reporting this exploit with a separate set of RCE flaws. The GitHub security team recently patched an account takeover vulnerability based on the GitHub Gist code-sharing service, earning its finder a $10,000 reward.
GitHub Gist allows developers to instantly share code snippets through either private or public repositories. On October 19, William “vakzz” Bowling released a GitHub security advisory – one of three – which disclosed a severe bug exposing separate ‘gists’ due to various open redirect errors.
As Gist and GitHub use various session tokens, it was the only access to Gist that was granted.